I read that attackers are using Web proxies to hide the devices performing their attacks. I know we could just block IP addresses, but some of our clients also use Web proxies. Is there another way to block and prevent these attacks without losing legitimate communications?
Attackers have been obfuscating source IP addresses almost as long as IP networks have been in use. Many of the previous methods of hiding the source IP address -- such as forging the source IP address -- have been prevented by following recommendations from BCP38, namely, by only routing network traffic for your enterprise networks and customers.
While detection systems have improved over the almost 25 years since BCP38 was published, there are still many ways to obfuscate the source IP address of the devices performing the attacks; it can be done using Tor, a Web proxy or network address translation. It's important to also note that Web proxies can be used to improve the security of a system by filtering out malicious encrypted traffic that passes through the Web proxy unencrypted. Web proxies also provide some level of anonymity for a legitimate user. Web proxies can also be used to negatively impact privacy, but that is a different story for a different time.
Blocking individual IP addresses or Web proxies is not going to be scalable. But increasing monitoring for individual IPs that are suspicious could help identify an attack in progress and help identify which systems have been compromised.
Enterprises can also subscribe to a blacklist or threat intelligence service to help keep an up-to-date IP block list to block only unapproved proxies. However, this could still be very challenging, as you don't want to block legitimate customers. Depending on how you want to block malicious connections, you could improve the authentication used to validate legitimate connections or even put a Web proxy (or Web application firewall) in front of your Web applications to filter out unauthenticated connections to the destination Web application. You could also whitelist customers' networks to allow access to the Web application.
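One way to combine the customer whitelist, the proxy block list and the extra monitoring described above, as an added example that is not part of the original answer. The networks, the feed entries, the event format and the failed-login threshold are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample data using documentation address ranges, not real indicators.
CUSTOMER_NETWORKS = ["198.51.100.0/24"]                    # assumed customer allowlist
PROXY_BLOCKLIST = ["203.0.113.0/25", "198.51.100.77/32"]   # assumed threat-intel feed
FAILED_LOGIN_THRESHOLD = 3                                 # assumed "suspicious" cutoff
SAMPLE_EVENTS = [                                          # (source IP, login outcome)
    ("198.51.100.77", "fail"), ("198.51.100.77", "fail"), ("198.51.100.77", "fail"),
    ("203.0.113.10", "fail"), ("203.0.113.200", "ok"),
    ("192.0.2.44", "ok"),
    ("192.0.2.45", "fail"), ("192.0.2.45", "fail"), ("192.0.2.45", "fail"),
]


def parse_networks(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def classify(ip, allow, block):
    """Return 'allow', 'block' or 'monitor' for one source address."""
    addr = ipaddress.ip_address(ip)
    # The allowlist is checked first so a customer's own proxy that also
    # appears in the feed is not cut off.
    if any(addr in net for net in allow):
        return "allow"
    if any(addr in net for net in block):
        return "block"
    return "monitor"  # unknown source: neither trusted nor listed


def review(events, allow_cidrs=CUSTOMER_NETWORKS, block_cidrs=PROXY_BLOCKLIST):
    """Return ({ip: decision}, [IPs needing closer monitoring])."""
    allow, block = parse_networks(allow_cidrs), parse_networks(block_cidrs)
    decisions, failures = {}, Counter()
    for ip, outcome in events:
        decisions[ip] = classify(ip, allow, block)
        if outcome == "fail":
            failures[ip] += 1
    # Allowlisted sources are still watched: repeated failures from a
    # customer proxy may point to a compromised system behind it.
    watch = sorted(ip for ip, n in failures.items()
                   if n >= FAILED_LOGIN_THRESHOLD and decisions[ip] != "block")
    return decisions, watch


if __name__ == "__main__":
    decisions, watch = review(SAMPLE_EVENTS)
    print(decisions, watch)
```

The customer proxy at 198.51.100.77 stays reachable even though the feed lists it, yet it still lands on the watch list because of its repeated failed logins.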